{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-36873", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-13T20:43:19.469Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T12:15:09.034Z"}, "descriptions": [{"lang": "en", "value": "Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/sourcecodester/basic-library-system/SQL-2.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:28:26.883061Z", "id": "CVE-2026-36873", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:43:19.469Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-36873", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:28:26.883061Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:43:14.691Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Thirtypenny77/bug_report/blob/main/sourcecodester/basic-library-system/SQL-2.md"}], "descriptions": [{"lang": "en", "value": "Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T12:15:09.034Z"}}}, "cveMetadata": {"cveId": "CVE-2026-36873", "state": "PUBLISHED", "dateUpdated": "2026-04-13T20:43:19.469Z", "dateReserved": "2026-04-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:razormist:basic_library_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F93EAAD-3EF5-4565-8C51-7AEBA905A0CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php."}], "id": "CVE-2026-36873", "lastModified": "2026-04-14T17:42:59.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-13T13:16:41.553", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Thirtypenny77/bug_report/blob/main/sourcecodester/basic-library-system/SQL-2.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,*]"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "product": "basic_library_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-14T18:26:58.516737+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s latest patch for Sourcecodester Basic Library System v1.0 if it becomes available.", "If a patch is unavailable, restrict access to /librarysystem/load_admin.php to authenticated administrators only.", "Replace vulnerable SQL statements with parameterized queries or use prepared statements to eliminate injection risks.", "Validate and sanitize all user\u2011supplied input before it reaches the database layer.", "Deploy a web application firewall that blocks suspicious SQL injection patterns as a temporary containment measure."], "summary": {"action": "Update Software", "impact": "Data Exposure"}, "threat_synthesis": {"affected_systems": "The only affected product is Sourcecodester Basic Library System v1.0, developed by RazorMIST. Users running this exact version on a web server that exposes the librarysystem directory are vulnerable. No other versions or products are listed.", "description_and_impact": "A classic SQL injection flaw exists in the /librarysystem/load_admin.php file of Sourcecodester Basic Library System v1.0, allowing an attacker to inject arbitrary SQL into queries that are directly executed by the database. This permits reading, modifying or deleting database contents, thereby compromising the confidentiality and integrity of the data stored in the system. The weakness is classified as CWE\u201189.", "risk_and_exploitability": "The CVSS score of 2.7 indicates a low severity risk, and the EPSS score is under 1 percent, suggesting a low likelihood of exploitation. The flaw is not listed in the CISA KEV catalog. Attackers can target the vulnerable endpoint via standard web requests, potentially from any Internet\u2011connected user; authentication requirements are not clearly defined in the description, so it is assumed that unauthenticated users may also exploit the vulnerability. Because this is a web\u2011based vector, mitigation can rely on input validation or restricting access to the endpoint, but the low exploitation probability means monitoring is acceptable until a patch is applied."}}}}, "created": "2026-04-13T14:27:01.273286+00:00", "title": "SQL Injection in Basic Library System v1.0 /librarysystem/load_admin.php", "updated": "2026-04-15T15:45:07.544645+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$basic_library_system"]}